.. _upload-own-cert-app-management:

Upload a certificate to use for app registration
--------------------------------------------------

.. _24.1|VOSS-1265:
.. _24.2-PB1|EKB-23023:

:bdg-primary:`Microsoft`

.. tip:: 

   :ref:`use-action-search-to-navigate-automate`


This procedure uploads a `.PFX` file into Automate so that it can be used for application registration. 

.. note:: 
    
   Certificates are required for authentication. Although you can generate a certificate in Automate and upload that certificate to Microsoft Entra. In some cases, 
   customers prefer to use their own certificate. Once the certificate is uploaded to Automate, Automate can manage it 
   on itself and on the PowerShell proxy. 



1. In the Automate Admin Portal, choose the relevant customer hierarchy, then go to **File Management**. 
2. Click the Plus icon (+) to add a new record. 

   .. image:: /src/images/admin-file-management-add.png 

3. Click **Choose File**, then browse to the location where you have the file stored on your computer 
   or network. 

   .. note:: 

      The file you're adding **must** be a `.PFX` file that is signed and has the required encryption. 

5. Optionally, add a description, then click **Save**. 
6. Choose the relevant customer, then go to **Certificate Management**, and click the 
   Plus icon (+) to add a new record. 
7. Add the new certificate, using the `.PFX` file you added:

   * Add a name and a description. 
   * At **PFX File**, in the drop-down, select the `.PFX` file you uploaded. 
   * Add the PFX file password. 

     .. note:: 

        This is the password that is generated when converting the certificate into `.PFX` format outside 
        of Automate. 

   * Save your changes. 
   
   Automate creates the certificate file and deletes the `.PFX` file from Automate. The certificate will now 
   be available to use in the tenant for application registration. See *Configure Microsoft Tenant Connection Parameters* 
   in the Core Feature Guide.

   There is no need to upload this certificate into Microsoft Entra because this certificate already exists there. 
   If your certificate does not yet exist in Microsoft Entra, you'll need to export the public key via the 
   **Certificate Management** page, then upload the certificate into Automate in order to use it in the tenant 
   connection parameters.  





.. rubric:: Related topics 

* :ref:`moh-file-management`
* :ref:`upload-sso-idp-metadata`
* :ref:`upload-own-cert-app-management`
* :ref:`file-management`